Graphcool offers a very flexible authentication system that's based on functions.
In general, Graphcool allows you to specify that some of your available API operations require authentication. This effectively means that the HTTP request that's carrying the operation needs to have a valid authentication token in its
Authorization header. If that's not the case, the request will fail with a permission error.
To authenticate requests from your users, you need to generate a node token for them. A node token always needs to be associated with one particular node from your database.
There are other token kinds than node tokens. Read more in the Authentication Tokens chapter.
Node tokens are generated with
resolver functions. If you want to implement authentication, you first need to setup a corresponding
resolver in your service that returns a node token.
In order to get started quickly with authentication, you can use one of the predefined templates.
Was this page helpful?